Installing an SSL certificate on an IBM HTTP Server

The certificate we send you by email is the last in a chain that leads back to the original Certificate Authority. You must install a Root, one or two Intermediates, and the certificate for your domain name in order for visitors' browsers to trust your certificate as authentic.

Part one: Download and save certificates

1. Open the email we sent you, that contains the certificate for your domain name.

2. Copy the certificate, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

3. Paste the certificate into a blank document in a text editor. Use an editor that will not add characters, such as TextPad.

4. Save the document. We recommend that you name it YourDomainName.crt and save it in your Web server's default directory for SSL certificates.

   We recommend that you also back up your certificate on another computer or storage device.

5. Confirm which certificate you purchased, and determine which set of Root and Intermediate certificates to download.

   To confirm which certificate you purchased, review your order confirmation.

   • If you purchased SBS Instant, download set A below.

   • If you purchased SBS Secure or Secure Plus, download set B below.

   A -- SBS Instant

   • Instant Validation UTN Global Root CA
   • Instant Validation AddTrust Intermediate 1 CA
   • Instant Validation SBS Intermediate 2 CA

   -OR-

   B -- SBS Secure and Secure Plus

   • Full Validation Root CA
   • Full Validation Intermediate CA

6. Download the Root-Intermediate set for your domain name certificate. To download, right-click each certificate file name and select Save Target As.

   Save the Root and Intermediate certificates to the same directory where you saved the certificate for your domain name.

Part two: Install certificates

Follow these procedures for each certificate in the chain, the Root certificate first.

If you purchased SBS Instant, install *IntermediateCA1.crt second, and *Intermediate2CA.crt third.

If you purchased SBS Secure or Secure Plus, install *Intermediate3.crt second.

Install the certificate for your domain name last.

To store a CA Certificate:

1. From a UNIX command line, enter IKEYMAN. In Windows, start the Key Management utility in the IBM HTTP Server folder.
2. Select Key Database File, and click Open.
3. In the Open dialog box, select your key database name. Click OK.
4. In the Password Prompt dialog box, enter your password. Click OK.
5. In the Key Database box, select Signer Certificates and click Add.
6. In the Add CA Certificate from a File dialog box, select the certificate to add, or use the Browse option to locate the certificate.
7. Click OK.
8. In the Label dialog box, enter a label name and click OK.

To receive the CA-signed certificate into a key database:

1. From a UNIX command line, enter IKEYMAN. In Windows, start the Key Management utility in the IBM HTTP Server folder.
2. Select Key Database File, and click Open.
3. In the Open dialog box, select your key database name. Click OK.
4. In the Password Prompt dialog box, enter your password. Click OK.
5. In the Key Database content frame, select Personal Certificates and then click the Receive button.
6. In the Receive Certificate from a File dialog box, select the certificate file. Click OK.

Note: IBM has prepared a special guide called "Global Certificate Usage with OS/390 Webservers."